MOSS SearchServiceInstance 6482 error: FIPS validated algorithms
in [Portal Server]
|
Prev: Wiki Page Library - Remove "Recent changes"
Next: Potentially excessive number of SPRequest objects (x) currentl
From: Steve Mushkat Steve on 6 Feb 2008 12:34 I support a server that has the GPO policy "System cryptography: Use FIPS compliant algorithms for encryption" enabled. I saw on Live Search that I needed to modify the machineKey attribute on my web.config files in IIS to use the 3DES algorithm instead of SHA1, which was needed in order for any of the web sites to come up. However, once every minute I still am getting a 6482 error in the Application event log - I've tried everything I can think of to resolve this but I'm stuck!! I've re-entered the service account passwords from Central Admin, re-entered the passwords in the Services snap-in, re-ran the configuration wizard, reinstalled MOSS, reinstalled Service Pack 1, recreated the SSP, stopped & started the Office Search from w/in Services on this server...still no luck. The error text is: Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (2c55c277-846b-44f8-8782-5dca60cd7f18). Reason: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. Techinal Support Details: System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.SynchronizeDefaultContentSource(IDictionary applications) at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize() at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob) Any help is appreciated!!!
From: JPGregor on 19 Feb 2008 21:58 I am having the exact same problem. "Steve Mushkat" wrote: > I support a server that has the GPO policy "System cryptography: Use FIPS > compliant algorithms for encryption" enabled. I saw on Live Search that I > needed to modify the machineKey attribute on my web.config files in IIS to > use the 3DES algorithm instead of SHA1, which was needed in order for any of > the web sites to come up. > > However, once every minute I still am getting a 6482 error in the > Application event log - I've tried everything I can think of to resolve this > but I'm stuck!! I've re-entered the service account passwords from Central > Admin, re-entered the passwords in the Services snap-in, re-ran the > configuration wizard, reinstalled MOSS, reinstalled Service Pack 1, recreated > the SSP, stopped & started the Office Search from w/in Services on this > server...still no luck. > > The error text is: > > Application Server Administration job failed for service instance > Microsoft.Office.Server.Search.Administration.SearchServiceInstance > (2c55c277-846b-44f8-8782-5dca60cd7f18). > > Reason: This implementation is not part of the Windows Platform FIPS > validated cryptographic algorithms. > > Techinal Support Details: > System.InvalidOperationException: This implementation is not part of the > Windows Platform FIPS validated cryptographic algorithms. > at > Microsoft.Office.Server.Search.Administration.SearchServiceInstance.SynchronizeDefaultContentSource(IDictionary applications) > at > Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize() > at > Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob) > > Any help is appreciated!!!
From: Ryan on 4 Mar 2008 17:05 has anyone figured out a solution to this problem? "Steve Mushkat" wrote: > I support a server that has the GPO policy "System cryptography: Use FIPS > compliant algorithms for encryption" enabled. I saw on Live Search that I > needed to modify the machineKey attribute on my web.config files in IIS to > use the 3DES algorithm instead of SHA1, which was needed in order for any of > the web sites to come up. > > However, once every minute I still am getting a 6482 error in the > Application event log - I've tried everything I can think of to resolve this > but I'm stuck!! I've re-entered the service account passwords from Central > Admin, re-entered the passwords in the Services snap-in, re-ran the > configuration wizard, reinstalled MOSS, reinstalled Service Pack 1, recreated > the SSP, stopped & started the Office Search from w/in Services on this > server...still no luck. > > The error text is: > > Application Server Administration job failed for service instance > Microsoft.Office.Server.Search.Administration.SearchServiceInstance > (2c55c277-846b-44f8-8782-5dca60cd7f18). > > Reason: This implementation is not part of the Windows Platform FIPS > validated cryptographic algorithms. > > Techinal Support Details: > System.InvalidOperationException: This implementation is not part of the > Windows Platform FIPS validated cryptographic algorithms. > at > Microsoft.Office.Server.Search.Administration.SearchServiceInstance.SynchronizeDefaultContentSource(IDictionary applications) > at > Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize() > at > Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob) > > Any help is appreciated!!!
From: Steve Mushkat on 12 Mar 2008 14:53
An update...we've been working with Microsoft Support on this problem, and they've stated this will need to go in as a "design change request" and not a bug fix. The issue is that every minute, the timer service checks to see if any new SSP's were provisioned (among other things) - it's this check that's failing because in order to check, it needs to fetch a credential out of the registry, and of course the credential is stored with the MD5 hash, not the 3DES encryption. Hence - errors every minute. There's one other related DCR, but the more we can complain about it the more attention the problem will get - squeaky wheel & all! If you have the option, please get in touch with MS Support to see if you can also raise this issue. I found a seconary problem apart from the recurring errors in the log - couldn't get content deployment to work with FIPS enabled. Working this issue through MS Support as well. "Steve Mushkat" wrote: > I support a server that has the GPO policy "System cryptography: Use FIPS > compliant algorithms for encryption" enabled. I saw on Live Search that I > needed to modify the machineKey attribute on my web.config files in IIS to > use the 3DES algorithm instead of SHA1, which was needed in order for any of > the web sites to come up. > > However, once every minute I still am getting a 6482 error in the > Application event log - I've tried everything I can think of to resolve this > but I'm stuck!! I've re-entered the service account passwords from Central > Admin, re-entered the passwords in the Services snap-in, re-ran the > configuration wizard, reinstalled MOSS, reinstalled Service Pack 1, recreated > the SSP, stopped & started the Office Search from w/in Services on this > server...still no luck. > > The error text is: > > Application Server Administration job failed for service instance > Microsoft.Office.Server.Search.Administration.SearchServiceInstance > (2c55c277-846b-44f8-8782-5dca60cd7f18). > > Reason: This implementation is not part of the Windows Platform FIPS > validated cryptographic algorithms. > > Techinal Support Details: > System.InvalidOperationException: This implementation is not part of the > Windows Platform FIPS validated cryptographic algorithms. > at > Microsoft.Office.Server.Search.Administration.SearchServiceInstance.SynchronizeDefaultContentSource(IDictionary applications) > at > Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize() > at > Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob) > > Any help is appreciated!!! |